letsencrypt-nginx-proxy-companion is a lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. See Let's Encrypt section for configuration details.

Features:

Automatic creation/renewal of Let's Encrypt certificates using original nginx-proxy container.

Then start any containers you want to proxied with a env var VIRTUAL_HOST=subdomain.youdomain.com

$ docker run -e "VIRTUAL_HOST=foo.bar.com" ...

The containers being proxied must expose the port to be proxied, either by using the EXPOSE directive in their Dockerfile or by using the --expose flag to docker run or docker create. See nginx-proxy for more informations. To generate automatically Let's Encrypt certificates see next section.

Separate Containers (recommended method)

nginx proxy can also be run as two separate containers using the jwilder/docker-genimage and the official nginx image.

You may want to do this to prevent having the docker socket bound to a publicly exposed container service (avoid to mount the docker socket in the nginx exposed container). It's better in a security point of view.

To run nginx proxy as a separate container you'll need to have nginx.tmpl on your host system and set the NGINX_DOCKER_GEN_CONTAINER environment variable to the name or id of the docker-gen container.

Optional container environment variables

ACME_CA_URI - Directory URI for the CA ACME API endpoint (default: https://acme-v01.api.letsencrypt.org/directory). If you set it's value to https://acme-staging.api.letsencrypt.org/directory letsencrypt will use test servers that don't have the 5 certs/week/domain limits. You can also create test certificates per container (see let's encrypt test certificates)